Today’s security and compliance environment is challenging, and no single vendor can solve the entire problem for you. CyberArk understands this, which is why we’ve created a powerful ecosystem of technology and channel partners that can provide you with a complete solution for your privileged account security and compliance requirements.

CyberArk’s award-winning software protects the high value assets of leading companies and government organizations around the world. We take that responsibility seriously. That’s why we only hire the best.

Organizations are discovering that as the use and adoption of DevOps and Agile IT has increased, securing these environments has become an increasingly important priority. In fact, in just a few years DevOps has changed how IT operates, and most importantly for security professionals, the increased use of micro-services, together with the increased number of DevOps tools used in the CI/CD pipeline, has expanded the attack surface relative to more traditional development environments. The four major drivers expanding the attack surface include:

More secrets

More components

Increased volatility

Increased scale

Top Requirements

The top requirements for securing an organization’s DevOps environment include factors such as the ability to:

Consistently manage all types of secrets.

Avoid islands of security or reliance on the native capabilities of standalone tools.

Security teams wrestling with how DevOps security fits within the organization’s broader Privileged Access Security environment should find the insights particularly interesting. For example, existing solutions alone are likely not adequate for securing Agile IT and DevOps environments. They simply don’t meet the requirements necessary for securing a typical, highly dynamic DevOps environment. Instead specialized security solutions are needed to secure DevOps environments, in addition to the existing privileged access security solutions the organization has deployed. However, rather than two separate systems, some form of integrated solution is required.

Action Plan for Securing Secrets

Most importantly, the report outlines an action plan for securing secrets and credentials in DevOps and Agile IT environments and highlights the importance of:

Making it easy for developers to secure their applications and code.

Isolating APIs so that security services can be refreshed and changed without requiring changes to code.

Providing an integrated view and ability to manage privilege and secrets.

Capturing and monitoring events by integrating with SIEM and other security systems.

A full copy of the report is available here. For more information on CyberArk solutions, including CyberArk Conjur for securing DevOps environments, visit cyberark.com/conjur. CyberArk Conjur is also available as open source at conjur.org – the open source version enables developers to rapidly gain experience using a powerful secrets management solution.